10. February 2014

NSA did not crack encryption - SSL is still np-complete problem

I do realize I am not the utmost expert for security, but I have been reading about this topic since it came out in September enough to know that SSL encryption as it is has not been cracked. As reported by Snowden the NSA has inserted back doors into certificate authorities and that is the indication that even NSA with all its computing power does not think it is possible to crack or break the RSA encryption. Some security experts think that RSA (as any other np-complete mathematical problem) will be solved eventually (we all realize that current encryption algorithms are np-complete problems which means that they are not mathematically confirmed to be unsolveable), some even go as far to claim that it will be cracked in next few years.
Beside from theoretical approach many have taken the brute force approach to the solution of SSL/RSA problems. One of the examples is BREACH (or Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) which enables an eavesdropper to decypher your secure information in as little as 30 seconds. It is achieved by CRIME technique (Compression Ratio Info-leak Made Easy), but so far the lack of computing power only enables them to crack smaller certificate keys.
Now what is becoming crucial is the certificate complexity and some of security experts even advised that in the post-cryptographic age we should consider alternatives such as creating bigger files to store important data (so hacker needs more time to get it to his own computer, etc.). With all recent developments in internet security we are all aware that even computers not in network (not on internet if you wish) can be hacked. Good example is Iranian Nuclear Power Plants, who were hacked by NSA worm that infected the system through USB media. And to go even further there are now BIOS worms that can be transmitted through speakers which means that computer can get infected even without and outside source.
All this just points us into direction where it will be very hard to keep an electronic secret almost anywhere.